"This plugin catches nearly every splog."

Anti-Splog will save you days of work by blocking and intelligently killing spam blogs (splogs).

Built originally for Edublogs, we used years of experience and the data from thousands of other Multisite networks to block and kill the spam that drives you mad.

This plugin goes way beyond any other method. At its core is an intelligent Anti-Splog API service hosted at WPMU DEV.

Three Layers of Protection

Anti-Splog works with three layers of protection to provide the ultimate in splog killing power.

Signup prevention includes 5 methods to choose from that can limit or stop evil automated bots that are flooding your Multisite install. These can be fairly effective, but with our experience on sites like Edublogs, a large number of splogs are manually created. While every other splog prevention plugin stops here and leaves your site unprotected, ours goes 200% further.

The Anti-Splog API goes to work when sploggers makes it past the initial roadblocks. This plugin sends signup information to our API server, and we decide if it’s suspicious enough to mark the blog as spam right off the bat. The beauty of our Anti-Splog API service is that we crowdsource data from tens of thousands of blogs, Edublogs and other Anti-Splog users. If anyone else has run into that splogger or spam post you don’t have to worry about it on your site.

Post-monitoring then takes the game to a whole new level – where the service may not have enough information to mark a blog as spam right at signup, fear not. The second a splogger writes a spam post, no matter how cleverly disguised, our API service analyzes it and boom, that splog is shutdown.

It’s hard to describe the utter satisfaction we are getting watching splogs killed live before our eyes every few minutes at Edublogs.

Track your incoming signups and splogs

How Anti Splog works

These measures are mainly to stop bots. User friendly error messages are shown to users if any of these prevent signup.

They are all optional and include:

1. Limiting the number of signups per IP per 24 hours

This can slow down human spammers too if the site clientele supports it.

Probably not on a network like Edublogs though as it caters to schools which may need to make a large number of blogs from one IP.

Limit Signup per IP

2. Changing the signup page location every 24 hours

This is one of the most effective yet still user-friendly methods to stop bots dead.

Choices from answering user defined questions, picking the cat pics, reCAPTCHA and Are You A Human PlayThru.

The best verification tools available

The Anti-splog API

When signup is complete (email activated) and a blog is first created, or when a user publishes a new post it will send all kinds of blog and signup info to our premium server where we will rate it based on our secret ever-tweaking logic.

Our API will then return a splog Certainty number (0%-100%).

If that number is greater than the sensitivity preference you set in the settings (80% default) then the blog gets spammed. Since the blog was actually created, it will show up in the network admin dashboard still (as spammed) so you can unspam later if there was a mistake (and our API will learn from that).

Simple connect with the WPMU DEV API

Anti-splog Moderation

For existing blogs or blogs that get past other filters, the queue provides an ongoing way to monitor blogs and spam or flag them as valid using ignore.

The Suspect Blog queue

Also, if a user tries to visit a blog that has been spammed, it will now show a user-friendly message and form to contact the admin for review if they think it was valid. The email contains links to be able to easily unspam or bring up the last posts.

Splog Review form

The entire queue is AJAX based so you can moderate blogs with incredible speed, not having to wait for the page to reload on every action. Click an action link (like spam) and it flashes and instantly disappears!

The Suspected Blogs Queue

This list pulls in any blogs that the plugin thinks may be splogs.

It pulls in blogs that have a greater than 0% certainty as previously returned by our api, and those that contain at least 1 keyword in recent posts from the keyword list you define. The list attempts to bring the most suspected blogs to the top, ordered by # of keyword matches, then % splog certainty (as returned by the API), and finally by last update.

The list has a bunch of improvements for moderation including last user name, last user IP, links to search for, Spam any user and their blogs or blogs tied to an IP (incredibly powerful, be careful with that one.), ability to Ignore (dismiss) valid blogs from the queue and view a list of recent posts and instant previews of their content or the entire blog without leaving the page (the most time saving feature of all!)

Fast spam moderation

Recent Splogs List

This is simply a list of all blogs that have been marked as spam on the network, in order of the time they were spammed.

The idea here is that if you make a mistake you can come back and undo it quickly. If a user complains that a valid blog was spammed, a review link will be sent to your email so you can quickly pull it up here and see previews of the latest posts or entire blog to confirm (normally you wouldn’t be able to see blog content at all for spammed blogs).

Entire Blog Preview (Even when spammed)

Ignored Blogs

If a valid blog shows up in the suspect list, simply mark it as ignored to get it out of there. It will then show in the ignored list just in case you need to undo.

The Anti-Splog Flowchart

Sploggers don’t stand a chance

Anti-Splog is Buddypress compatible with the exception of auto-renaming wp-signup.php. Note that it does not yet protect against spam users or their entries in status updates, forums, activity streams, etc.

Time to clean up your WordPress Multisite network and make some sploggers really mad.

If you are using Multi-DB:

You need to add the global table lines to db-config.php BEFORE installing Anti-Splog plugin or running the sql.txt

If your API key is working properly the API Key field will change to green

6. Select your Blog Signup Splog Certainty

When a blog is first created the signup info to our premium server where it is rated based on our secret ever-tweaking calculations and logic.

Our API return a Blog Signup Splog Certainty

Blogs that are greater than or equal to the number you select are automatically spammed and will be listed on your Recent Splogs page

On Edublogs an 85 % Blog Signup Splog Certainty is used because it is very accurate at spamming splogs with minimal spamming on non-splogs

7. Select your Post Splog Certainty

When a new post is published it is sent to our premium server where it is rated based on our secret ever-tweaking calculations, keywords and logic.

Our API return a Post Splog Certainty

Blogs that are greater than or equal to the number you select are automatically spammed and will be listed on your Recent Splogs page

On Edublogs an 78 % Post Splog Certainty is used because it is very accurate at spamming splogs with minimal spamming on non-splogs

8. Select your Limit Blog Signups Per Day

This is designed to slow limit the number of splogs that can be registers per day from an IP address as sploggers often register large numbers of blogs in a short time

Edublogs uses Unlimited because schools often have lots of blogs being created from the one IP address. Most sites can set this to a low number like 1 or 2 unless they cater to groups of users using the same internet connection.

9. Choose if you want to Rename wp-signup.php

This auto moves the signup URL every 24 hours

It’s a user friendly method of stopping splog bots in their tracks

It is not BuddyPress Compatible

This option is not used on Edublogs

10. Choose if you want to Spam/Unspam Blog Users

Some sploggers create several blogs using the same username — this spams their username prevent them from creating further blogs with that username

11. Select your Queue Display preferences

These settings determine how blogs and posts are displayed and previewed on your Suspected Blogs, Recent Splogs and Ignored Splogs page

Edublogs settings used are shown below

12. For now remove all keywords from Spam Keyword Search as it is covered later in “How To Use Anti-splog”

13. Select your Additional Signup Protection

These are designed to prevent automated spam bot signups

They are used with caution as you don’t want to annoy genuine users who want to sign up on your network

How to Use the Suspected Blogs Page

The Suspected Blogs page lists any blogs that the plugin thinks may be splogs based on:

Having a Splog Certainty greater than 0 % as returned by our API from our servers

Containing at least 1 keyword in recent posts from the keyword list you added into the Spam Keyword Search on the Settings page

The blogs on the Suspected Blogs Page are listed from most suspected blog to the least suspected based on the following order

Number of keyword matches

% splog certainty (as returned by the API) with those with the highest splog certainty being listed first

Last updated

Hovering your mouse over the domain or Blog User brings up the Spam and Ignore action menu.

The idea is you work through the suspected blog page to:

Click on Spam blogs that are definitely splogs — this moves them to the Recent Splog page where you can unspam them if necessary

Click on Ignore blogs that are definitely not splogs — this moves them to the Ignored Blog page where you can spam them if necessary (in case you made a mistake)

Take no action because you haven’t decided if a blog is/isn’t a splog — this keeps them on the Suspected Splog page so you can monitor their activity (when unsure it is best to leave them on the Suspected Blog page)

Here is a flowchart to trace the functionality of Anti-Splog:

The Anti-Splog Process Diagram (Click on Image to Zoom In for a closer look at each step)

b) Or spam their registered IP by clicking on Spam action link next to their IP address and then clicking OK

this shows you how many blogs that have been created from the IP address and how many blogs have already been spammed from that IP address

sploggers often create large numbers of splogs from the same IP address so this is a fast way to spam a large number of splogs in one go

be patient when using the spam action menu next to registered IP as there can be a bit of a delay in checking the numbers of blogs and spammed at an IP

Previewing Suspected Splogs

With most blogs on the suspected blog page it won’t be obvious that they are splogs so you will need to preview them.

As you work through previewing the suspected splogs you need to:

Spam definite splogs by either clicking on Spam next to their domain or their IP address

Click on Ignore for blogs that definitely aren’t splogs

Take no action of blogs you aren’t sure about – so you can continue to monitor them on the Suspected Splog page

To check you should start by first clicking on their post title. This loads a preview of that post.

Obvious signs of splogs are lots of link within post content that link to the same or similar websites – have a quick check of all links in their post to see where they are linking as some sploggers are very clever

Links to a websites at the bottom of the post

If unsure after checking a few posts then make sure you preview the blog because some splogs are clever and put the links in their blogroll on the sidebar

If the blog doesn’t have any post then click on the domain name to load a preview of the blog

this loads slower than the previewing a post so in most situations it’s best to use post preview where possible

some sploggers will replace the Hello World with their spam post and this is the only post they will have on the blog

Make sure for any suspect blogs you check their blogroll as some clever splogs hide their links in the sidebar

In the example below the splog linked to sex sites using the blog roll while hiding it in what appeared to be a harmless pet blog.

Working With The Splog Review Request Form

The blog-suspended.php is used to show the user friendly spammed page with the review form so that users can request their blog to be unspammed.

This form is the fastest option for unspamming blogs incorrectly marked as spam.

The Splog Review Request Form is submitted to the email address listed in Network Admin > Settings – make sure you have changed the email address or set up your email account.

All you need to do is click on the review link in the email:

This takes you to the location of that blog on your Recent Splog page.

Now unspamming a blog is as simple as:

Click on post titles to preview the posts to confirm it isn’t a splog

Click on the Not Spam action link to unspam a blog

What To Do If You Incorrectly Spam A Large Number of blogs from the same IP address

You can quickly unspammed blogs from the same IP address as follows:

1. Copy the registered IP address of one of the blogs for the Recent splog page
2. Go to Network Admin > Sites
3. Add the IP address and then click Search IP
4. Select the blogs and then click Not Spam

On Edublogs it’s easy to spot if blogs have accidentally been marked as spam from the one IP address by checking their email address as they’ll often be from the same institutional domain email address

Working with Spam Keyword searches

The API service works by checking recently created blogs, usernames and newly published posts.

Whereas the Keyword search is designed to find old and inactive splogs that the API service would no longer catch — since the splogs aren’t being updated.

You must understand that the keyword search only referenced posts back to the date you originally installed Post Indexer plugin — the Post Indexer doesn’t index any post prior to the date it was installed

The Keyword should only be added to the Spam Keyword search on the Anti-splog Settings page temporarily while searching for splogs

Once you’ve used a keyword, actioned the suspected splogs located using the keyword on the Suspected splog page then you SHOULD remove that search term from your Anti-splog Settings page

Only use about 2 keywords per search as it can slow down or timeout your Suspected Blogs page — if you get a white page on the Suspected Blogs page just remove the keywords you’ve added

Remember keywords are not case sensitive and can match any part of the word.

Ideally try terms being used by your splogs but aren’t used much by genuine blogs

To use the spam keyword search:

1. Go to Network Admin > Settings > Anti-Splog

2. Click on the Settings tab

3. Add your Spam Keyword search terms – only add 2 keywords at a time

4. Click Save Changes at the bottom of your Anti-splog Settings page

5. Check the suspected splogs located using the keyword on the Suspected splog page (they will appear at the top of the page)

6. Click on Spam blogs that are definitely splogs or on Ignore blogs that are definitely not splogs

7. Once completed go back to your Settings page and do a new search

8. When finished remove all keywords from the Spam Keyword Search field on your Settings page and click Save Changes

Creating your own signup page

If you’re an advanced user and you wish to create your own wp-signup.php form then you can create one named custom-wpsignup.php and drop this into your /wp-content/ folder.